[asterisk-users] A new hack?
Steve Edwards
asterisk.org at sedwards.com
Fri Dec 2 11:44:24 CST 2011
On Fri, 2 Dec 2011, Jim Lucas wrote:
> How is using Fail2Ban less resource intensive then me writing (by hand)
> iptable rules?
It depends on how you define resources and how much of those resources you
have.
Gordon (based on my understanding of his posts) does a lot of Asterisk
systems on very limited hardware hosts. His approach uses iptables
features to limit the number of SIP INVITES and REGISTERS per second per
IP address.
Thus, Gordon's approach is more responsive (since it doesn't require
periodic log file scanning) and requires less hardware resources (since it
doesn't depend on running relatively 'slothish' resource intensive script
interpreters like Perl or PHP periodically).
If you have limited admin skills and more hardware resources, F2B makes
sense.
If you have more admin skills and limited hardware resources, Gordon's
approach makes more sense.
Personally, I find any approach that tracks log files 'hackish' but if you
centralize your logging (which I always do) it does allow you to detect
patterns of abuse across multiple hosts.
--
Thanks in advance,
-------------------------------------------------------------------------
Steve Edwards sedwards at sedwards.com Voice: +1-760-468-3867 PST
Newline Fax: +1-760-731-3000
More information about the asterisk-users
mailing list